"A surprising number of governments are now deploying their own custom malware and the end result could be chaos for the rest of us, F-Secure's malware chief Mikko Hypponen told the TrustyCon ( https://www.trustycon.org/ ) conference in San Francisco on Thursday.
'Governments writing viruses: today we sort of take that for granted but 10 years ago that would have been science fiction,' he told the public conference. 'If someone had come to me ten years ago and told me that by 2014 it will be commonplace for democratic Western governments to write viruses and actively deploy them against other governments, even friendly governments, I would have thought it was a movie plot. But that's exactly where we are today.'
http://www.scmagazine.com/trustycon-malware-expert -mikko-hypponen-kicks-off-conference-on-trust/arti cle/336089/"
And you don't need to infect the kernel at all. All you need are "zero days" on common browsers/clients(IM etc) or common plugins (many Governments can MITM you if you're in their territory or they really really want to). Then the malware gets in and sets itself up to keep running - at, crontab, sneaky aliases, etc.
Very few Linux users run their browsers using other accounts or sandbox their browsers (and do check if your sandbox is tight enough for such a scenario - the last I checked years ago Ubuntu's default apparmor browser sandbox was rather loose- but I've given up on Ubuntu for desktop stuff any more so I'm not bothered).
So even if kernel or privilege escalation exploits would be nice, there's no need in most cases. The user's stuff- email, keys, IM, browser cache (for frame jobs and other stuff), etc would all be accessible already.
There may be lots of different distros and configuration but in my experience writing cross platform stuff for linux and unix platforms (BSD, Solaris, AIX etc) a perl script can cope with most of that (one issue is SSL support across all those distros, but if you don't care about encrypting all your channels with SSL that's not a big problem- and even then there are usually workarounds with cli http clients).
TIMTOWTDI is great for writing malware too ;).